The present invention relates to session management technology, and more particularly, to a method and an apparatus for managing sessions of different websites.
In page design of a website, pages from different websites can be integrated into one page. For instance, the pages from other websites may be embedded in one page of one website. Usually, iFrame technology can be used to embed the page. In such case, the page containing another page can be called as container page, and the page embedded in another page can be called as embedded page.
When a user opens a page of a certain website on a browser of a client, a session for the client to access the website will be established at a server of the website, and a session identifier will be generated to identify the session. The session identifier may be obtained from Cookie stored at the client. Usually, the session of the website will be set with session timeout information. If the user does not operate (such as click and the like) on the page of the website within a time period limited by the session timeout information, the situation where the session terminates due to the session timeout occurs.
If the page is embedded with a page of other website, the similar situation would occur. During the user operates on the container page, if the embedded page is not operated on within the time period limited by the corresponding session timeout information, the session corresponding to the embedded page will be time out. On the contrary, during the user operates on the embedded page, if the container page or other embedded page (if any) are not operated on within the time period limited by the corresponding session timeout information, the session corresponding to the container page or other embedded page will also be timeout. In order to avoid such situations, the user may operate on the embedded page or container page at regular intervals to reset the timeout of the session corresponding to the embedded page or container page during the operations on the container page or embedded page, to avoid the session from timeout. However, this is very inconvenient for the user.
There is an existing approach in the prior art to solve the above problem. In this approach, all the servers of the websites provide a keep-alive service such as a servlet for synchronization of session timeout. When the client detects that the user operates on any page in the container page which has the embedded page, the client sends an operation request to the server of the website to which the operated page belongs and also sends a keep-alive request to the server of the website to which other page belongs, so as to avoid the relevant session of other website from timeout. However, this approach requires adding operation codes for each operation at the client to the web application's business logic, which is time consuming and error-prone.
FIG. 4 shows a schematic diagram of an example in which the above approach is implemented. As shown in FIG. 4, the servers of website A and website B are installed with the synchronization servlet for synchronization of session timeout, and the page of the website B is embedded into the page of the website A using iFrame. In this case, the page of the website A is the container page and the page of the website B is the embedded page. During the user operates on the embedded page, an operation request is sent to the server of the website B, and a request for invoking the synchronization servlet is also sent to the server of the website A. The server of the website A synchronizes the session of the website A in response to the request.